Status message

Firms gird for fast-approaching NYDFS cyber-security deadlines

For financial firms that do business in New York, a fast-approaching Aug. 28 deadline is an important reminder that new cyber-security demands in that state will bring waves of cost, complexity, and compliance.

For about a year, New York’s Department of Financial Services (NYDFS) has hammered out enhanced cyber-security expectations for financial institutions that fall within its oversight. The agency’s regulations will impose a host of new security, personnel, attestation, and reporting requirements.

In large part, the impetus for the state rules, according to NYDFS, is research showing that, despite heightened cyber-security risks, roughly 36 percent of banks still don’t have a chief information security officer.

The new rule regime has many in the world of financial firms on pins and needles.

“Certain components of the compliance obligations, like attestation and some of the broader requirements put in place” are costly, broad challenges, says Douglas... To get the full story, subscribe now.